this post was submitted on 07 Jul 2023
65 points (97.1% liked)

Mbin Blog Updates


Blog updates for Mbin (fork of /kbin). Upcoming features, issues or anything else related to Mbin or the fediverse.

Just follow this magazine to keep yourself up-to-date!


Dear kbin server owners, upgrade your Kbin instance now! Ernest just merged a critical hot fix into the develop branch.

If you don't update, your Kbin instance is vulnerable to HTML/JS injection, which allows bad actors to do very nasty things on your instance and attack the visitors on your site.

Commit: https://codeberg.org/Kbin/kbin-core/commit/8ee87ba9fbb3192865dfebb054bec3da56b9493e

[–] [email protected] 30 points 1 year ago (2 children)

Thanks for the hot tip, I'm attacking every kbin instance while I still can!

[–] [email protected] 15 points 1 year ago

Thank you for your compassion.

[–] [email protected] 1 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago (1 children)

That wasn't me, I was in the comfort of my living room jacking it to Sonic R34 all night last night

[–] Mic_Check_One_Two 3 points 1 year ago* (last edited 1 year ago) (2 children)

Honestly, the fact that kbin was open to injection attacks in the first place is hilarious. That’s like day 1 cybersecurity training.

Anyone have the Bobby Tables xkcd handy?

Edit: Found it.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

@Mic_Check_One_Two Actually, that has only been the case recently. Kbin used to escape the content, of course. But after an upgrade to a newer Markdown parser version, it was overlooked in a PR.

We were recently approved for the Codeberg CI, hopefully allowing us to set up a good CI/CD pipeline, avoiding these kinds of regressions in the first place. Kbin is still in beta.
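
Added example, not part of the thread and not Kbin's code: a CI regression check of the kind the comment above describes, which parses rendered output and fails if any tag or attribute that can only have come from user input survives. The two renderers are hypothetical stand-ins (one escaping raw HTML, one simulating a parser upgrade that passes it through), and the sample inputs are constructed.

```python
import html
import re
from html.parser import HTMLParser

# Tags the stand-in renderer emits itself; anything else came from user input.
ALLOWED_TAGS = {"p", "em", "strong"}

# Constructed inputs: Markdown mixed with raw HTML that must not survive rendering.
SAMPLES = [
    "hello *world*",
    "<script>alert(1)</script>",
    '**bold** <img src=x onerror="alert(1)">',
]

class TagAudit(HTMLParser):
    """Records every tag and attribute a browser would see in the output."""
    def __init__(self):
        super().__init__()
        self.violations = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.violations.append(f"unexpected <{tag}>")
        for name, _ in attrs:  # the stand-in renderer never emits attributes
            self.violations.append(f"unexpected attribute {name} on <{tag}>")

def _markup(text):
    # Minimal emphasis handling, enough to stand in for a Markdown renderer.
    text = re.sub(r"\*\*(.+?)\*\*", r"<strong>\1</strong>", text)
    text = re.sub(r"\*(.+?)\*", r"<em>\1</em>", text)
    return f"<p>{text}</p>"

def render_escaped(src):
    """Hypothetical renderer with raw HTML escaped (the intended behaviour)."""
    return _markup(html.escape(src))

def render_regressed(src):
    """Hypothetical renderer after an upgrade that lets raw HTML through."""
    return _markup(src)

def audit(render):
    """Return (input, violation) pairs; an empty list means the check passes."""
    findings = []
    for sample in SAMPLES:
        parser = TagAudit()
        parser.feed(render(sample))
        parser.close()
        findings += [(sample, v) for v in parser.violations]
    return findings
```

In a pipeline, a non-empty `audit()` result for the project's real render function would fail the build before the parser upgrade is merged.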

[–] [email protected] 1 points 1 year ago

@Mic_Check_One_Two Oopsy.. now lemmy.world is hacked.
